Machine-to-machine (M2M) technologies allow devices to communicate more directly with each other using wired and wireless communications systems. M2M technologies enable further realization of the Internet of Things (IoT), a system of uniquely identifiable objects and virtual representations of such objects that communicate over a network, such as the Internet. IoT may facilitate communication with even mundane everyday objects, such as products in a grocery store, and thereby reduce costs and waste by improving knowledge of such objects. For example, stores may maintain very precise inventory data by being able to communicate with, or obtain data from, objects that may be in inventory or may have been sold. As will be appreciated, the IoT has the potential to include many millions of devices.
FIG. 1A is a diagram that illustrates an exemplary oneM2M functional architecture 100. The oneM2M standard under development defines a Service Layer called “Common Service Entity (CSE)” as illustrated in FIGS. 1A-B. The purpose of the Service Layer is to provide “horizontal” services that can be utilized by different “vertical” M2M silo systems and applications, such as e-Health, fleet management, and smart homes. The CSE supports four reference points. The Mca reference point interfaces with the Application Entity (AE). The Mcc reference point interfaces with another CSE within the same service provider domain, and the Mcc′ reference point interfaces with another CSE in a different service provider domain. The Mcn reference point interfaces with the underlying Network Service Entity (NSE). An NSE provides underlying network services to the CSEs, such as device management, location services and device triggering. The CSE contains multiple logical functions called “Common Service Functions (CSFs)”, such as “Discovery” and “Data Management & Repository”.
FIG. 1B is a diagram that illustrates the CSFs under development for a oneM2M architecture.
oneM2M enables the following types of Nodes: Application Service Nodes (ASNs), Application Dedicated Nodes (ADNs), Middle Nodes (MNs) and Infrastructure Nodes (INs).
An Application Service Node (ASN) is a Node that contains one CSE and contains at least one AE. An example of physical mapping is an ASN that resides in an M2M Device.
An Application Dedicated Node (ADN) is a Node that contains at least one AE and does not contain a CSE. An example of physical mapping is an ADN that resides in a constrained M2M Device.
A Middle Node (MN) is a Node that contains one CSE and contains zero or more AEs. An example of physical mapping is an MN that resides in an M2M Gateway.
An Infrastructure Node (IN) is a Node that contains one CSE and contains zero or more AEs. An example of physical mapping is an IN that resides in an M2M Service Infrastructure.
Currently, when oneM2M end-nodes want to communicate with one another in a secure manner, the end-nodes and the intermediate nodes establish security associations with one another in a hop-by-hop manner. Hop-by-hop security associations may be established by means of symmetric keys, by using certificates, or by a bootstrapping process, which may be performed directly or by means of an infrastructure. Also, TS-0003 (Security Solutions) states that: “At the service layer level, the security association establishment results in a TLS or DTLS session which protects messages being exchanged between adjacent AE/CSE, i.e. hop-by-hop. AEs that need to preserve the privacy of their information exchange from untrusted intermediate nodes may be provisioned to support a direct security association between them.”
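The difference between hop-by-hop security associations and a direct AE-to-AE association, as an added Python simulation that is not part of the original text or of the oneM2M specifications. The `seal`/`unseal` functions are a toy stand-in for a TLS/DTLS record, and the node names, path and keys are assumed; the simulation shows what each intermediate CSE can read in either mode.

```python
import hashlib
import hmac
import os

# Toy stand-in for a TLS/DTLS record (HMAC-SHA256 keystream XOR plus a tag).
# Illustration only; the point is which node holds which key, not the cipher.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, record: bytes) -> bytes:
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

# Assumed path: originating AE, a Middle Node CSE, an Infrastructure Node CSE, target AE.
PATH = ["AE1", "MN-CSE", "IN-CSE", "AE2"]
# One pairwise key per adjacent hop (the hop-by-hop security associations).
HOP_KEYS = {(PATH[i], PATH[i + 1]): os.urandom(32) for i in range(len(PATH) - 1)}
# Key provisioned only on AE1 and AE2 (the direct security association).
E2E_KEY = os.urandom(32)

def deliver(payload: bytes, end_to_end: bool):
    """Carry payload along PATH. Returns (what AE2 recovers, what each CSE could read)."""
    seen = {}
    body = seal(E2E_KEY, payload) if end_to_end else payload
    record = seal(HOP_KEYS[(PATH[0], PATH[1])], body)
    for i in range(1, len(PATH) - 1):
        prev, cur, nxt = PATH[i - 1], PATH[i], PATH[i + 1]
        body = unseal(HOP_KEYS[(prev, cur)], record)   # hop association terminates here
        seen[cur] = body                               # the CSE holds this in the clear
        record = seal(HOP_KEYS[(cur, nxt)], body)      # re-protected for the next hop
    body = unseal(HOP_KEYS[(PATH[-2], PATH[-1])], record)
    if end_to_end:
        body = unseal(E2E_KEY, body)                   # only AE2 holds E2E_KEY
    return body, seen
```

With `end_to_end=False` every CSE on the path sees the application payload; with `end_to_end=True` the CSEs only forward an opaque inner record while AE2 still recovers the payload.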